BSOD During Virus Scans



#1 rmcmullan

Posted 17 March 2017 - 09:46 PM

Hello community,

I'm running a Win7 desktop that has been running fine for a while.  One history of rootkit that got professionally cleaned and has been good since then.  I use Avira for realtime protection with occasional manual scans with Malwarebytes and SuperAntiSpyware.  The OS is on an SSD.

 

Lately, when I run a scan on Avira or Malwarebytes I get a BSOD crash during the file scan portion.  This leads to a reboot and a "Windows failed to start" message (Status 0xc0000225).  Power off and back on and it loads normally.

 

I have tried uninstalling Avira, Malwarebytes, and SuperAntiSpyware and then reinstalling one at a time and still get crashes.  I've tried running them in Safe Mode.  I've tried chkdsk and it did not find any problems.  Ran System File Checker tool.  Based on reading other posts, I've tried the following:

* RKill before scans

* FRST64

* JRT

* MBAR

* EmsisoftEmergencyKit

* ADWCleaner

* TDSSKiller

These did not turn up anything particularly threatening (just some trackers in ADWCleaner).

 

CrystalDiskInfo shows all hard drives at 100% Good condition.  

 

I also noticed that System Restore/System Protection was turned off, which I did not do manually.  Turned it back on for the OS-bearing SSD.

 

I would greatly appreciate any support or leads folks could offer.  I'll post logs in the next post.

 

 


RKill

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/17/2017 05:35:31 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 
 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System
 
 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/17/2017 05:35:45 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)



 


#2 rmcmullan

Posted 17 March 2017 - 09:51 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Ryan (administrator) on CARROWMORE (17-03-2017 16:51:45)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Box, Inc.) C:\Users\Ryan\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\Ryan\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_121\bin\javaw.exe
(EVGA) C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3\X3HID.exe
(EVGA) C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3L\X3LHID.exe
(EVGA) C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5\X5HID.exe
(EVGA) C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5L\X5LHID.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(EVGA) C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\TrayIcon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5309232 2017-02-14] (Box, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MyBackupPC] => C:\Program Files (x86)\Rerware\MyBackupPC\mybackuppc.exe [170791 2015-11-02] (Rerware LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [X3] => C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3\X3HID.exe [1786880 2015-03-16] (EVGA)
HKLM-x32\...\Run: [X3L] => C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3L\X3LHID.exe [1787392 2015-03-16] (EVGA)
HKLM-x32\...\Run: [X5] => C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5\X5HID.exe [1787392 2015-05-28] (EVGA)
HKLM-x32\...\Run: [X5L] => C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5L\X5LHID.exe [1786880 2015-03-16] (EVGA)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [MusicManager] => C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Dropbox Update] => C:\Users\Ryan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Amazon Music] => C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe [3494376 2016-12-14] ()
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Box Edit] => C:\Users\Ryan\AppData\Local\Box\Box Edit\Box Edit.exe [921776 2017-01-31] (Box, Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [Box Local Com Server] => C:\Users\Ryan\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [122544 2017-01-31] (Box, Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Run: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] => C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\SYSTEM32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-06-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2012-06-15]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{174A5285-F6E7-4598-9728-F624B0BB5AD0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B4C5C82-DC8B-4BD7-900B-D5E92414BCDB}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-392286310-3643838366-3393110981-1001 -> {9B8B9469-1BCC-40FE-B23D-9D1159D6908B} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://train5.toyota.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: fqqj2x97.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default [2017-03-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fqqj2x97.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fqqj2x97.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\fqqj2x97.default -> hxxps://www.google.com/?gws_rd=ssl
FF Keyword.URL: Mozilla\Firefox\Profiles\fqqj2x97.default -> 
FF Extension: (Avira Browser Safety) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\abs@avira.com [2017-03-17]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-08-05]
FF Extension: (A Bit Better RTM) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\andrew@paprotsky.com.xpi [2016-08-05]
FF Extension: (Firefox Hotfix) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF Extension: (Table2Clipboard) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi [2016-08-05]
FF Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Extension: (BetterPrivacy) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-12-12]
FF Extension: (Greasemonkey) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-09-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-11-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ryan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-392286310-3643838366-3393110981-1001: LWAPlugin15.8 -> C:\Users\Ryan\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MCDB29148-7EA6-450F-8FD9-F2EBE3D4D3D8&SearchSource=55&CUI=&UM=5&UP=SP470E5114-99B2-4F5B-87A4-4E1A45644E14&SSPV=
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://akimgimeeoiognljlfchpbkpfbmeapkh/index_compiled.html"
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-03-17]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-02-25]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-03-15]
CHR Extension: (myPlex Queue Extension) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2016-02-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-02-06]
CHR Extension: (Google Art Project) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akimgimeeoiognljlfchpbkpfbmeapkh [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]
CHR Extension: (Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-02-06]
CHR Extension: (Adblock Plus) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-17]
CHR Extension: (Remember The Milk) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2016-02-06]
CHR Extension: (Pushbullet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-11-09]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-01]
CHR Extension: (Netflix) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-02-06]
CHR Extension: (KeyRocket for Gmail™) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2016-02-06]
CHR Extension: (Dropbox for Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-03-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Google Calendar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-03-16]
CHR Extension: (Pandora) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-02-06]
CHR Extension: (Bookmarks Menu) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (A Bit Better RTM) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcdefibajbglmeelclffdbakgjjjopc [2016-02-06]
CHR Extension: (Crimson: Steam Pirates) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfbkgkceahodalogdpenjoekbacjfcj [2016-02-06]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-08-29]
CHR Extension: (Box.com) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gompojgejjnhbdoaokakkdedfiglidlf [2016-02-06]
CHR Extension: (Pinterest Save Button) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-25]
CHR Extension: (Remember The Milk) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbibbhnebobgojikephdhjmdokgkckna [2016-09-12]
CHR Extension: (Remember The Milk for Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphjpfmagbhbdfhdndglcccmhdjhjjce [2016-02-06]
CHR Extension: (Google Play Music) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-06]
CHR Extension: (Table Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2017-03-14]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-03-10]
CHR Extension: (NEnhancer) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2016-08-24]
CHR Extension: (Dropbox) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-02-06]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-02]
CHR Extension: (Coupons at Checkout) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2017-02-07]
CHR Extension: (Pandora) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbdleijeholagpfdimcchdfahkemeia [2016-02-06]
CHR Extension: (Google Hangouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-16]
CHR Extension: (Extension Defender) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkakdehcmmnojcdalpkfgmhphnicaonm [2016-02-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-31]
CHR Extension: (Google Maps) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-02-06]
CHR Extension: (Google Hangouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-02-06]
CHR Extension: (chromeIPass) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2017-03-17]
CHR Extension: (Click&Clean App) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-03-14]
CHR Extension: (TripIt - Travel Organizer) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnefkehljgchgnmfcbbioaanpbcacig [2016-02-06]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2016-02-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-13]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-08-17]
CHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Pinterest Save Button) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-25]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-392286310-3643838366-3393110981-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ryan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-01-10]
CHR HKU\S-1-5-21-392286310-3643838366-3393110981-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-04-27] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266112 2016-10-17] (Code 42 Software)
S4 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8510936 2012-05-15] (DisplayLink Corp.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-10] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [209160 2015-12-17] (Broadcom Corporation.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2017-02-03] (BitRaider)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [17408 2012-06-17] (hxxp://libusb-win32.sourceforge.net)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S4 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (wj32)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-03-13] (hxxp://libusb-win32.sourceforge.net)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-03-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-17] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-17 16:51 - 2017-03-17 16:52 - 00050475 _____ C:\Users\Ryan\Desktop\FRST.txt
2017-03-17 16:51 - 2017-03-17 16:51 - 00000000 ____D C:\FRST
2017-03-17 16:51 - 2017-03-17 16:50 - 02424832 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2017-03-17 16:28 - 2017-03-17 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-17 16:28 - 2017-03-17 16:28 - 00000000 ____D C:\Users\Ryan\Desktop\mbar
2017-03-17 16:26 - 2017-03-17 16:26 - 00004994 _____ C:\Users\Ryan\Desktop\JRT.txt
2017-03-17 15:18 - 2017-03-17 15:23 - 00000000 ____D C:\AdwCleaner
2017-03-17 15:17 - 2017-03-17 15:17 - 00002522 _____ C:\Users\Ryan\Desktop\Rkill.txt
2017-03-17 15:11 - 2017-03-17 15:11 - 00001040 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-03-17 15:11 - 2017-03-17 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-17 15:11 - 2017-03-17 15:11 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-17 15:02 - 2017-03-17 16:49 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-17 15:02 - 2017-03-17 16:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-17 15:02 - 2017-03-17 16:43 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-17 15:02 - 2017-03-17 16:28 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-17 15:01 - 2017-03-17 16:48 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 15:01 - 2017-03-17 15:01 - 00001873 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-17 15:01 - 2017-03-17 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 15:01 - 2017-03-17 15:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 15:01 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-17 14:53 - 2017-03-17 14:55 - 00238788 _____ C:\TDSSKiller.3.1.0.12_17.03.2017_14.53.56_log.txt
2017-03-17 13:55 - 2017-03-17 13:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-03-17 06:02 - 2017-03-17 06:02 - 00003288 ____N C:\bootsqm.dat
2017-03-16 20:03 - 2017-03-17 16:44 - 00358220 _____ C:\Windows\ntbtlog.txt
2017-03-16 08:39 - 2017-03-16 08:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\com.prezi.PreziDesktop
2017-03-15 10:36 - 2017-03-15 10:36 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-15 10:36 - 2017-03-15 10:36 - 00000000 ____D C:\Program Files\Bonjour
2017-03-15 10:36 - 2017-03-15 10:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-15 10:36 - 2017-03-15 10:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-15 07:59 - 2017-03-15 08:15 - 00000000 ____D C:\Users\Ryan\AppData\LocalLow\WebEx
2017-03-15 07:59 - 2017-03-15 07:59 - 00491043 _____ C:\Users\Ryan\AppData\LocalLow\PreEE.tmp
2017-03-15 07:59 - 2017-03-15 07:59 - 00216788 _____ C:\Users\Ryan\AppData\LocalLow\Pre4F5.tmp
2017-03-15 07:59 - 2017-03-15 07:59 - 00190935 _____ C:\Users\Ryan\AppData\LocalLow\PreFEEA.tmp
2017-03-15 07:59 - 2017-03-15 07:59 - 00000000 ____D C:\Users\Ryan\AppData\Local\WebEx
2017-03-14 14:39 - 2017-02-23 01:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-14 14:37 - 2017-02-23 15:56 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-03-14 14:37 - 2017-02-23 15:56 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-14 14:37 - 2017-02-23 15:56 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 34950592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 19883088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 19883088 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb11.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 19883088 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb10.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 19007344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 17281112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 17281112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb11.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 17281112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb10.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 16399408 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 16399408 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb9.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 14429240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-14 14:37 - 2017-02-23 03:34 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb9.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 03625408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 03185600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00576008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00503920 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-14 14:37 - 2017-02-23 03:34 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-14 14:37 - 2017-02-23 03:34 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-14 14:30 - 2017-03-14 14:30 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-14 14:30 - 2017-03-14 14:30 - 00001378 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-14 14:30 - 2017-02-23 11:32 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-14 14:30 - 2017-02-23 11:32 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-14 14:30 - 2017-02-23 07:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-14 14:30 - 2017-02-23 01:43 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-14 14:10 - 2017-03-14 14:10 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-14 14:10 - 2017-03-14 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-14 14:09 - 2017-03-14 14:09 - 00003084 _____ C:\Windows\System32\Tasks\{23DD4FE2-6587-4D3C-B533-2FB5002D42F0}
2017-03-14 14:04 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 14:04 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 14:04 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-14 14:04 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 14:04 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-14 14:04 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 14:04 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-14 14:04 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-14 14:04 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-14 14:04 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 14:04 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-14 14:04 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-14 14:04 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 14:04 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-14 14:04 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-14 14:04 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-14 14:04 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 14:04 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 14:04 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 14:04 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-14 14:04 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 14:04 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 14:04 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-14 14:04 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-14 14:04 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-14 14:04 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 14:04 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-14 14:04 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 14:04 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-14 14:04 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 14:04 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 14:04 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-14 14:04 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 14:04 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 14:04 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 14:04 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 14:04 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 14:04 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 14:04 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 14:04 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 14:04 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 14:04 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 14:04 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 14:04 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 14:04 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 14:04 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 14:04 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 14:04 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 14:04 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 14:04 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 14:04 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 14:04 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 14:04 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 14:04 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 14:04 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 14:04 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 14:04 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 14:04 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 14:04 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 14:04 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 14:04 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 14:04 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 14:04 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 14:04 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 14:04 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 14:04 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 14:04 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 14:04 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 14:04 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 14:04 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 14:04 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 14:04 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 14:04 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 14:04 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 14:04 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 14:04 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 14:04 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 14:04 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-14 14:04 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-14 14:04 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-14 14:04 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 14:04 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 14:04 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-14 14:04 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-14 14:04 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-14 14:04 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-14 14:04 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 14:04 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-14 14:04 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-14 14:04 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-14 14:04 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 14:04 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 14:04 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-14 14:04 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-14 14:04 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 14:04 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 14:04 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 14:04 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 14:04 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 14:04 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 14:04 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 14:04 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 14:04 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 14:04 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 14:04 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 14:04 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 14:04 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 14:04 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 14:04 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 14:04 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 14:04 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 14:04 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 14:04 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 14:04 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 14:04 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 14:03 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 14:03 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 14:03 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 14:03 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 14:03 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 14:03 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 14:03 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 14:03 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 14:03 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-10 20:30 - 2017-03-11 17:06 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\CHIRP
2017-03-10 20:29 - 2017-03-10 20:29 - 00000000 ____D C:\WCH.CN
2017-03-10 20:29 - 2015-01-26 01:00 - 00059904 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S64.SYS
2017-03-10 20:29 - 2015-01-26 01:00 - 00041472 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2017-03-10 20:29 - 2008-12-18 01:00 - 00020089 _____ C:\Windows\system32\CH341SER.VXD
2017-03-10 20:29 - 2007-06-12 01:00 - 00019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2017-03-10 20:29 - 2005-07-30 01:00 - 00006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2017-03-10 20:20 - 2017-03-10 20:20 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CHIRP
2017-03-10 20:20 - 2017-03-10 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIRP
2017-03-10 20:20 - 2017-03-10 20:20 - 00000000 ____D C:\Program Files (x86)\CHIRP
2017-03-09 13:51 - 2017-03-09 13:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-21 19:17 - 2017-02-21 19:17 - 00002052 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-02-21 19:17 - 2017-02-21 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-02-21 19:17 - 2017-02-21 19:17 - 00000000 ____D C:\Program Files (x86)\SDA
2017-02-21 19:16 - 2017-02-21 19:16 - 00000000 ____D C:\Users\Ryan\AppData\Local\Downloaded Installations
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-17 16:49 - 2012-06-15 21:30 - 00000000 ___RD C:\Users\Ryan\Dropbox
2017-03-17 16:48 - 2015-11-04 13:42 - 00000000 ____D C:\Users\Ryan\Rerware
2017-03-17 16:48 - 2015-03-03 18:21 - 00000000 ___RD C:\Users\Ryan\Google Drive
2017-03-17 16:48 - 2012-11-18 16:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-17 16:48 - 2012-06-15 22:26 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-17 16:48 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-17 16:28 - 2013-08-07 06:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 16:19 - 2015-11-20 08:54 - 00000536 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-392286310-3643838366-3393110981-1001.job
2017-03-17 16:18 - 2012-06-15 21:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-17 15:39 - 2015-06-16 14:10 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001UA.job
2017-03-17 15:33 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-17 15:33 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-17 15:29 - 2009-07-13 22:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-17 15:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-03-17 15:17 - 2015-08-17 09:28 - 00000000 ____D C:\Users\Ryan\Desktop\rkill
2017-03-17 15:09 - 2015-11-20 08:54 - 00000632 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-392286310-3643838366-3393110981-1001.job
2017-03-17 15:08 - 2015-08-17 12:04 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-17 14:59 - 2015-08-17 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-17 14:59 - 2015-08-17 12:04 - 00000000 ____D C:\ProgramData\Avira
2017-03-17 14:59 - 2014-09-20 11:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 14:58 - 2015-08-17 12:05 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Avira
2017-03-17 14:10 - 2015-08-17 09:32 - 00118400 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-17 14:10 - 2009-07-13 21:45 - 00450568 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-17 14:08 - 2012-07-22 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-03-17 14:08 - 2012-07-22 18:04 - 00000000 ____D C:\ProgramData\HP
2017-03-17 14:06 - 2012-07-22 18:11 - 00000000 ____D C:\Program Files (x86)\HP
2017-03-17 13:52 - 2012-06-15 22:41 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\KeePass
2017-03-17 13:52 - 2012-06-15 21:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Launchy
2017-03-17 13:44 - 2015-04-24 08:32 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Origin
2017-03-17 13:44 - 2011-10-27 03:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-17 13:40 - 2015-08-17 09:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-03-17 09:03 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-17 07:34 - 2015-04-24 08:30 - 00000000 ____D C:\ProgramData\Origin
2017-03-16 21:18 - 2015-04-24 08:39 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-03-16 21:12 - 2012-06-17 16:28 - 00000000 ____D C:\Program Files (x86)\SAMSUNG
2017-03-16 21:12 - 2012-06-16 14:29 - 00000000 ____D C:\Program Files (x86)\Pidgin
2017-03-16 21:12 - 2012-06-16 14:28 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-16 21:11 - 2012-06-15 22:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-16 08:25 - 2012-06-16 14:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-15 21:39 - 2015-06-16 14:10 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001Core.job
2017-03-15 21:08 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-15 18:57 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-15 10:39 - 2012-06-16 14:30 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2017-03-15 10:36 - 2012-06-16 14:30 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-15 08:00 - 2013-07-05 14:10 - 00000000 ____D C:\ProgramData\WebEx
2017-03-14 18:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-03-14 14:44 - 2014-01-08 07:28 - 00000000 ____D C:\Users\Ryan\AppData\Local\NVIDIA Corporation
2017-03-14 14:39 - 2016-03-13 17:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-14 14:39 - 2015-12-28 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-14 14:39 - 2012-11-18 16:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-14 14:39 - 2012-11-18 16:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-14 14:38 - 2015-08-19 12:45 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-03-14 14:38 - 2012-11-18 16:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-14 14:30 - 2015-12-28 20:45 - 00000000 ____D C:\Users\Ryan\AppData\Local\NVIDIA
2017-03-14 14:22 - 2014-12-10 04:32 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-14 14:22 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-14 14:22 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 14:18 - 2013-08-21 21:00 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 14:16 - 2012-06-29 22:27 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 14:15 - 2012-06-16 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 14:15 - 2012-06-16 14:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 14:15 - 2012-06-16 14:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:12 - 2013-10-16 18:48 - 00000000 ____D C:\ProgramData\Oracle
2017-03-14 14:10 - 2013-07-07 19:53 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-14 12:59 - 2015-11-12 14:27 - 00000000 ____D C:\NVIDIA
2017-03-14 12:46 - 2015-04-24 08:30 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-09 13:51 - 2012-06-15 21:28 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Dropbox
2017-03-06 22:35 - 2015-11-20 08:54 - 00003664 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-392286310-3643838366-3393110981-1001
2017-03-06 22:35 - 2015-11-20 08:54 - 00003568 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-392286310-3643838366-3393110981-1001
2017-03-05 19:08 - 2016-03-01 08:43 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Factorio
2017-03-02 18:57 - 2013-07-12 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2017-03-01 11:21 - 2015-06-03 20:02 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 11:19 - 2015-06-03 19:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-23 13:35 - 2015-12-11 23:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 03:34 - 2016-06-07 04:32 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-23 03:34 - 2015-12-28 20:44 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-23 03:34 - 2015-12-28 20:44 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-23 03:34 - 2015-12-28 20:43 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-23 03:34 - 2015-12-28 20:43 - 03583744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-23 03:34 - 2015-12-28 20:43 - 00042616 _____ C:\Windows\system32\nvinfo.pb
2017-02-23 01:28 - 2015-12-28 20:45 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-23 01:28 - 2015-12-28 20:45 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-22 23:38 - 2015-12-28 20:45 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-02-21 15:17 - 2015-09-29 17:47 - 00000000 ___RD C:\Users\Ryan\Box Sync
 
==================== Files in the root of some directories =======
 
2013-06-26 08:26 - 2014-05-30 13:24 - 0003711 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-09-28 09:49 - 2017-01-23 20:53 - 0018944 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-22 18:10 - 2017-03-17 14:09 - 0007465 _____ () C:\ProgramData\hpzinstall.log
2012-06-19 22:22 - 2013-03-05 04:22 - 0003993 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
2015-11-04 13:42 - 2017-03-14 14:24 - 0541696 ____N () C:\Users\Ryan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2017-03-17 15:11 - 2017-03-17 15:11 - 7097928 _____ (VS Revo Group                                               ) C:\Users\Ryan\AppData\Local\Temp\VSUSetup.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-14 00:35
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Ryan (17-03-2017 16:52:21)
Running from C:\Users\Ryan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-16 03:58:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-392286310-3643838366-3393110981-500 - Administrator - Disabled)
Guest (S-1-5-21-392286310-3643838366-3393110981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-392286310-3643838366-3393110981-1002 - Limited - Enabled)
Ryan (S-1-5-21-392286310-3643838366-3393110981-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
A Slow Year (Digital Edition) (HKLM-x32\...\A Slow Year_is1) (Version:  - Ian Bogost)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Amazon Amazon Music) (Version: 5.3.2.1634 - Amazon Services LLC)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Any Video Converter 5.0.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Artemis Spaceship Bridge Simulator (HKLM-x32\...\Steam App 247350) (Version:  - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoHotkey 1.1.07.03 (HKLM-x32\...\AutoHotkey) (Version: 1.1.07.03 - AutoHotkey Community)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{EB055068-B6D3-45E0-82A7-B32F9A48C0EA}) (Version: 4.0.7791.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6634.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{00FEE73D-E368-46A8-B4E1-475050722328}) (Version: 3.2.13.1660 - Box)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon PowerShot G15 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSG15) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CHIRP (HKLM-x32\...\CHIRP) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CrashPlan (HKLM\...\{879BBD10-45D3-4752-AA6B-FB789392946C}) (Version: 4.8.0.323 - Code 42 Software)
CrystalDiskInfo 6.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.6.1 - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3313.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{E0BF66E8-0D62-40AD-9C9E-20CDF8B64951}) (Version: 6.3.38355.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{9BF2630C-D02F-45AA-9F1E-7601C76CF5D7}) (Version: 6.3.38392.0 - DisplayLink Corp.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dropbox (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
EaseUS Todo Backup Free 9.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.0 - CHENGDU YIWO Tech Development Co., Ltd)
Elsinore (HKLM\...\Steam App 512890) (Version:  - )
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
EVGA Precision 1.8.1 (HKLM-x32\...\Precision) (Version: 1.8.1 - EVGA Corporation)
EVGA SLI Enhancement Patch (HKLM-x32\...\{17AA5399-34C8-4F84-BBC0-CDBE86949039}) (Version: 1.0.4.30 - EVGA)
EVGA Unleash_Mouse Tuning Utility (HKLM-x32\...\{62291EA4-39C0-4F33-8C12-747CBB9B6B89}) (Version: 1.0.17 - EVGA)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Factorio (HKLM-x32\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FILE and MP3 Renamer 2006 (HKLM-x32\...\FILE and MP3 Renamer 2006) (Version:  - )
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Chrome (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
KeyRocket (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\f59db59f860f6529) (Version: 1.1.0.11882 - Veodin)
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LYNE (HKLM-x32\...\Steam App 266010) (Version:  - Thomas Bowker)
Magical Diary (HKLM\...\Steam App 211340) (Version:  - Hanako Games)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 13.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\MusicManager) (Version:  - Google, Inc.)
MyBackupPC from Rerware, LLC (HKLM-x32\...\MyBackupPC) (Version:  - )
nav-u tool (HKLM-x32\...\{6CF4996E-9A09-4C7A-BB2B-22CB4D7F33BE}) (Version: 2.2.1.02160 - Sony Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10800.8.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.3 - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Obduction (HKLM\...\Steam App 306760) (Version:  - Cyan Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PhraseExpress (HKLM-x32\...\{646B8AC5-9454-4990-8134-7092CEB1577A}) (Version: 8.0.152 - Bartels Media GmbH)
Pokémon (HKLM-x32\...\Pokémon) (Version:  - )
Pokémon Trading Card Game Online (HKLM-x32\...\{93DED27B-8106-409C-BD7C-20E4801CB89C}) (Version: 2.37.1 - The Pokémon Company International)
Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.7 - Prezi.com)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Proteus (HKLM-x32\...\Steam App 219680) (Version:  - Ed Key and David Kanaga)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Razer Surround Driver Installer version 1.5 (HKLM-x32\...\{11B11FA5-41ED-43C1-AB4B-905DDEDC72A2}_is1) (Version: 1.5 - inXile Entertainment)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
SABnzbd 0.7.0 (HKLM-x32\...\SABnzbd) (Version: 0.7.0 - The SABnzbd Team)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
Southern California Heritage Gardening Guide (HKLM-x32\...\{62CDDF9E-6A34-4D57-8A50-035F43B10C80}) (Version: 1.00.0000 - GardenSoft)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - )
Spotify (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\Spotify) (Version: 0.8.8.450.gd9413516 - Spotify AB)
Star Realms version 2.22 (HKLM-x32\...\{F4DEB22F-AC61-4111-89B2-CF434A2BABFB}_is1) (Version: 2.22 - White Wizard Games)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Royal Trap: The Confines Of The Crown (HKLM\...\Steam App 356530) (Version:  - Hanako Games) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Wasteland 1 - The Original Classic (HKLM-x32\...\Steam App 259130) (Version:  - )
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-392286310-3643838366-3393110981-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinSplit Revolution (v11.04) (HKLM-x32\...\WinSplit Revolution) (Version: 11.04 - Raphael Lencrerot)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392286310-3643838366-3393110981-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09877DBB-AD9B-4FFD-88BC-602BCBFB5A85} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {13705DF9-91F9-4107-BF7A-9AACA251A969} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {13E7D81D-45ED-4E73-A684-A2229686E406} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {14018F38-7497-43FC-939B-79AAED78BFA0} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-21] (Nero AG)
Task: {1C5113A8-3C8C-459C-9826-1DEA57F176C0} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {1E21F590-60A7-4D8A-9025-55962237718B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {2939C0DE-5088-4F77-A0C4-5495C5B05BC0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {33A59F35-5EA6-4884-9725-476A046561C0} - System32\Tasks\G2MUploadTask-S-1-5-21-392286310-3643838366-3393110981-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe [2017-03-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {39F1E816-C2EB-49C1-917A-B6AAA32B3870} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3E625B30-DAF6-40F8-BBC0-760C0A24C54D} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {50DF9FD9-B3A3-45BC-81CB-04B0BE0AD7E3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5D59B597-26C0-4945-9D2D-5C59AABD5EBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {5E2F2422-BB04-4F7E-97BC-F80792574FEE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {65D3182B-EFD5-4357-BA80-97346CCBEB7F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67C596E0-18FD-448F-88D0-C1B13FE7A7EC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {6EC41DBB-4088-4380-ADD1-38BD3B717FFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {768539B6-22BB-4023-88AD-A3910B0420C3} - System32\Tasks\{57F7BF5D-E5BE-42B4-84E7-DCE790FE1979} => pcalua.exe -a "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\uninst.exe"
Task: {7E4FB9EA-2A02-4457-8C73-DA00CFD2F9F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {82F47CD2-A8BE-4294-A6FF-255660879943} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {878C3D27-530A-4F58-A54B-5EA3F77280D4} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {8FB30A0D-D934-45FC-8312-7B017B6BCFD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {97DE03DE-4BD9-456C-A9FF-A27D84CF7CE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-18] (Adobe Systems Incorporated)
Task: {9D552524-ACD6-4F52-9B43-8EB68BB12420} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {A1814D33-CFAA-4C5D-B205-764E681AC088} - System32\Tasks\G2MUpdateTask-S-1-5-21-392286310-3643838366-3393110981-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe [2017-03-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AC67D215-60C6-4378-A64F-582245E0AB40} - System32\Tasks\{8F53B486-4127-4C62-80C4-CE871158A943} => pcalua.exe -a G:\VISTA_WIN7\Setup.exe -d G:\VISTA_WIN7
Task: {B294B905-87F4-4069-A14B-E14168AAF97B} - System32\Tasks\Amazon Music Helper => C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe [2016-12-14] ()
Task: {CADDD56A-DB9A-453A-B510-F38D4DCB6159} - System32\Tasks\{23DD4FE2-6587-4D3C-B533-2FB5002D42F0} => pcalua.exe -a F:\Downloads\jxpiinstall.exe -d F:\Downloads
Task: {D0D9654E-3099-48A4-9167-FE25DE00F33E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001Core => C:\Users\Ryan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {D8DC1467-CDAD-4EBD-80AB-424B220849EE} - \RegClean Pro -> No File <==== ATTENTION
Task: {E472AC66-7EFA-44B8-AB70-DBA64DDFD661} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001UA => C:\Users\Ryan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E4D59209-BAB6-49BD-ABFD-362CAD29FC43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {F409BEE4-5F9E-44E3-9397-0AB1C1247D91} - \Advanced System Protector_startup -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001Core.job => C:\Users\Ryan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-392286310-3643838366-3393110981-1001UA.job => C:\Users\Ryan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-392286310-3643838366-3393110981-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-392286310-3643838366-3393110981-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ryan\Desktop\Ryan - Chrome.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remember The Milk - Ryan's Tasks.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.rememberthemilk.com/home/rmcmullan/#section.tasks/L2xpc3Q9ODEyNTA4OS8=
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6210e64e3e384ab1\Sarah - Chrome.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-28 20:45 - 2017-02-23 01:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-17 16:28 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\CLPA1l6.DLL
2012-08-10 14:33 - 2016-01-22 17:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-03 19:59 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-10-17 22:33 - 2016-10-17 22:33 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2016-10-17 22:33 - 2016-10-17 22:33 - 00238592 _____ () \\?\C:\Program Files\CrashPlan\cpnative64.dll
2016-10-17 22:33 - 2016-10-17 22:33 - 00082432 _____ () \\?\C:\Program Files\CrashPlan\c42archive64.dll
2016-10-17 22:33 - 2016-10-17 22:33 - 00484864 _____ () \\?\C:\Program Files\CrashPlan\libleveldb64.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-12-28 23:16 - 2015-12-10 07:14 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-02-14 16:17 - 2017-02-14 16:17 - 01157960 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00053576 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 01751880 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00134544 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-02-06 15:38 - 2015-02-06 15:38 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-02-06 15:38 - 2015-02-06 15:38 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2017-02-14 16:17 - 2017-02-14 16:17 - 00118088 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00050504 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00695624 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2017-02-14 16:16 - 2017-02-14 16:16 - 00009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2017-02-14 16:16 - 2017-02-14 16:16 - 00016712 _____ () C:\Program Files\Box\Box Sync\select.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00172872 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2017-02-14 16:16 - 2017-02-14 16:16 - 00170312 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00444816 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00029072 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00155536 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00065352 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00142224 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00050064 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00059792 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2017-02-14 16:17 - 2017-02-14 16:17 - 00037704 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00027536 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00229264 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2017-01-06 07:28 - 2016-12-14 14:41 - 03494376 _____ () C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-12-28 23:17 - 2015-12-10 07:16 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
2012-06-15 21:49 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2017-03-17 15:01 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-17 15:01 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-14 16:14 - 2017-02-14 16:14 - 00166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-16 14:27 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-06-16 14:27 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00165928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00018984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-12-28 20:45 - 2017-02-23 11:32 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2015-12-28 23:16 - 2015-12-10 07:04 - 00224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2013-03-12 17:10 - 2017-02-02 18:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 14:44 - 2016-08-31 18:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 14:44 - 2016-08-31 18:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 14:44 - 2016-08-31 18:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-28 14:59 - 2017-03-13 15:04 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-05 18:40 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-05 18:40 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-05 18:40 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-05 18:40 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-05 18:40 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-06-15 22:29 - 2017-03-13 15:04 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 22:15 - 2016-07-04 15:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-01 17:01 - 2016-02-01 17:01 - 00117248 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2016-02-01 17:00 - 2016-02-01 17:00 - 00234496 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2016-02-01 17:00 - 2016-02-01 17:00 - 00253440 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2016-02-01 16:59 - 2016-02-01 16:59 - 00344064 _____ () C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2016-07-22 19:07 - 2016-05-24 08:21 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2017-03-09 13:51 - 2017-03-06 13:59 - 00807232 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-11 23:35 - 2017-02-08 19:19 - 00035792 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 23:35 - 2017-02-08 19:19 - 00100296 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 23:35 - 2017-02-08 19:19 - 00018888 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 23:35 - 2017-03-06 14:01 - 00019776 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 23:35 - 2017-02-08 19:19 - 00694224 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00020824 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 23:35 - 2017-02-08 19:20 - 00123856 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 01682768 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00020816 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-09 13:51 - 2017-02-08 19:19 - 00145864 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-09 13:51 - 2017-02-08 19:20 - 00019408 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-09 13:51 - 2017-02-08 19:19 - 00116688 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 23:35 - 2017-02-08 19:22 - 00105928 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 10:36 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00038712 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00060736 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00024528 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00175560 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-09 13:51 - 2017-02-08 19:19 - 00392144 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-09 13:51 - 2017-02-08 19:22 - 00020936 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00116176 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 23:35 - 2017-03-06 14:01 - 00381760 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00124880 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 10:36 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00030160 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00043472 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00048592 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00057808 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00246608 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00027488 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 10:36 - 2017-02-08 19:21 - 00241104 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00022336 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 23:35 - 2017-03-06 14:01 - 00025432 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00028616 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 01826104 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 23:35 - 2017-02-08 19:20 - 00083912 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 01972536 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 03928896 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00531264 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-02-24 11:49 - 2017-03-06 14:01 - 00053072 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00133432 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00224064 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00207680 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 16:12 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 16:12 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 16:12 - 2017-03-06 14:01 - 00021848 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 16:12 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00350152 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 11:17 - 2017-03-06 14:01 - 00023896 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00025936 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 13:51 - 2017-02-08 19:17 - 00036296 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-09 13:51 - 2017-03-06 14:01 - 00084288 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-09 13:51 - 2017-02-08 19:27 - 00017864 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-09 13:51 - 2017-02-08 19:27 - 01631184 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-09 13:51 - 2017-03-06 14:01 - 00042816 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00171336 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00357688 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-11 23:35 - 2017-02-08 19:22 - 00060880 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 10:36 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 13:51 - 2017-03-06 14:01 - 00546104 _____ () C:\Users\Ryan\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00098816 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32api.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00110080 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\pywintypes27.dll
2017-03-17 16:48 - 2017-03-17 16:48 - 00364544 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\pythoncom27.dll
2017-03-17 16:48 - 2017-03-17 16:48 - 00320512 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32com.shell.shell.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00914432 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_hashlib.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 01176576 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._core_.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00806400 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._gdi_.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00816128 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._windows_.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 01067008 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._controls_.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00733184 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._misc_.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00682496 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\pysqlite2._sqlite.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00088064 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_ctypes.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00686080 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\unicodedata.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00119808 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32file.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00108544 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32security.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00007168 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\hashobjs_ext.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00017920 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\thumbnails_ext.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00088064 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\usb_ext.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00012800 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\common.time34.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00018432 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32event.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00167936 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32gui.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00046080 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_socket.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 01303552 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_ssl.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00128512 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_elementtree.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00127488 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\pyexpat.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00038912 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32inet.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00036864 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_psutil_windows.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00524248 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\windows._lib_cacheinvalidation.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00011264 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32crypt.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00123392 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._wizard.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00077312 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._html2.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00027648 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_multiprocessing.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00020480 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\_yappi.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00035840 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32process.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00078848 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\wx._animate.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00024064 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32pipe.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00010240 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\select.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00025600 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32pdh.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00017408 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32profile.pyd
2017-03-17 16:48 - 2017-03-17 16:48 - 00022528 ____R () C:\Users\Ryan\AppData\Local\Temp\_MEI35722\win32ts.pyd
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-11-04 13:42 - 2017-03-14 14:24 - 00541696 ____N () C:\Users\Ryan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2015-12-27 10:43 - 2014-10-06 18:59 - 00081408 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3\HidDevice.dll
2015-12-27 10:43 - 2014-09-18 17:49 - 00054784 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3\KBHook.dll
2015-12-27 10:43 - 2014-10-06 18:59 - 00081408 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3L\HidDevice.dll
2015-12-27 10:43 - 2014-09-18 17:49 - 00054784 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X3L\KBHook.dll
2015-12-27 10:43 - 2014-10-06 18:59 - 00081408 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5\HidDevice.dll
2015-12-27 10:43 - 2014-09-18 17:49 - 00054784 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5\KBHook.dll
2015-12-27 10:43 - 2014-10-06 18:59 - 00081408 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5L\HidDevice.dll
2015-12-27 10:42 - 2014-09-18 17:49 - 00054784 _____ () C:\Program Files (x86)\EVGA\EVGA Unleash_Mouse Tuning Utility\TORQ\Device\X5L\KBHook.dll
2015-12-28 23:17 - 2015-12-10 07:16 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
2015-12-28 23:17 - 2015-12-10 07:16 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
2015-12-28 23:17 - 2015-12-10 07:16 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
2015-12-28 23:17 - 2015-12-10 07:16 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
2016-12-13 15:21 - 2017-01-30 14:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-02-01 19:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 19:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-06-15 21:49 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2012-06-15 21:49 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2012-06-15 21:49 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2012-06-15 21:49 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2012-06-15 21:49 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2012-06-15 21:49 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2012-06-15 21:49 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2012-06-15 21:49 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2012-06-15 21:49 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2012-06-15 21:49 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2017-03-14 14:30 - 2017-02-23 11:32 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-14 14:30 - 2017-02-23 07:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-14 14:30 - 2017-02-23 07:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-14 14:30 - 2017-02-23 07:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-14 14:30 - 2017-02-23 07:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-14 14:30 - 2017-02-23 07:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-03-14 14:30 - 2017-02-23 07:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-08-17 11:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CrashPlanService => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: DisplayLinkService => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vToolbarUpdater18.8.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CrashPlanTray => C:\Program Files\CrashPlan\CrashPlanTray.exe
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass Password Safe 2 => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VeodinKeyRocket => "C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veodin\KeyRocket.appref-ms"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B229786B-94BF-4C10-89DA-CB47996FCB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14DA3937-780D-4A52-A450-BD5353BF82AC}] => (Allow) LPort=2869
FirewallRules: [{ECC03155-D8E3-424C-8EFA-EFAF0F53AC93}] => (Allow) LPort=1900
FirewallRules: [{BF3C2D0A-F0B7-46E7-B36A-707BAE5FE449}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F0F7B495-599E-40AC-BBD7-D0A1FD588524}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DCDE9E84-DFDC-4891-B293-8F2872060E12}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{739ED3D8-894D-4423-9B09-DC93F3B67D9B}] => (Allow) C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3274C455-107F-47D4-898B-8F68CFB1E342}] => (Allow) C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6C305C3F-6175-4BD4-A4B7-1984F43ED976}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EAEE2308-8872-4BC0-8361-BB88E675D9EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{52B1ABF5-0BDB-4021-A57D-09297DD24647}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F05236D5-446F-41CC-8AEB-84B87EBB2E9F}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A9A12363-D403-4269-B3FA-E41BFE717839}C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C9DE79F1-C7DA-49E0-AC3A-60AF7620267E}C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ryan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{29E6157F-FC75-49A1-AB6B-BD00D25066E9}C:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) C:\program files (x86)\phraseexpress\phraseexpress.exe
FirewallRules: [UDP Query User{81D06945-EFDF-4299-964F-8D08650AA1F3}C:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) C:\program files (x86)\phraseexpress\phraseexpress.exe
FirewallRules: [TCP Query User{AB5EFE1F-B101-480B-A4B1-1E66E1CF332D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{CCB19829-2EAF-4CF9-9335-896D0820CAC7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1EB6B026-E589-47E7-9D2B-F3916B1FD2BB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{67AE327A-E7A1-4EFD-A0F8-A4E406CF7851}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{355BB972-C5ED-4638-967F-EAF006C60C61}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{E1F1CE44-BFCB-4E1F-9C4B-B61237EDEB7A}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{990E2FBB-AA36-4952-AB49-A0A222B0FBFD}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5425\hppiw.exe
FirewallRules: [{90E0636E-AB58-45E8-B68E-2F6D28A54BDD}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5425\hppiw.exe
FirewallRules: [{D1480575-B297-48DC-A088-9C9A5F41E48B}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5728\HPDiagnosticCoreUI.exe
FirewallRules: [{7D58A782-4778-423D-B2F1-F5FEADE7BEA7}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5728\HPDiagnosticCoreUI.exe
FirewallRules: [{96785E59-13B5-4EEB-BBAF-30D586A89984}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5759\HPDiagnosticCoreUI.exe
FirewallRules: [{FC9A8F2C-808D-40C8-B283-B53AD9417BC1}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\7zS5759\HPDiagnosticCoreUI.exe
FirewallRules: [{D749C492-786A-451C-9D70-AD6E1611BA1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3A931542-BF8C-4C49-AB67-6C6D5A0813FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B9C79E97-54B8-496C-A8F9-83B36791DDC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D42BF28C-F413-4D13-BDCF-4FE52677A985}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B6A468FD-67CF-4606-942C-9E8071F9921F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7989E4F6-F291-462D-9E7A-56E876F17F27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{491E1AB4-6A27-49C7-9890-52BD54CD99F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ACBBE58D-5D6B-4A25-B937-BD6D0D1C4E82}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{1DA6031B-4765-4400-A791-807B6401A9A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{B030BF41-FFDA-43FF-8618-2C43350DDC36}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{B1A4394F-EEA9-4979-AEC4-B7E3D339E216}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{FE24326C-53CC-44DC-89C6-431C965906C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BEA507DB-51CB-49BA-8676-90FFE88A2360}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{108948B6-6C33-43B0-B227-4463A106B877}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{211D6BA8-6B08-4F13-9275-702AC586FB10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E86535BA-9256-4651-99FA-BD5FE06F9CC3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C78BB23E-5061-4681-8B49-0115BB7C31B7}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{98FB7929-C3DE-4328-B00D-048C5F38E0EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\space pirates and zombies\SpazGame.exe
FirewallRules: [{9253E3BA-150B-46CC-9772-8553DDE9B792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\space pirates and zombies\SpazGame.exe
FirewallRules: [TCP Query User{1767274B-1FA8-4191-B7A5-BDF8A3DB58C4}C:\users\ryan\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ryan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B2441381-52B0-43BB-B06B-CD4C1338F30F}C:\users\ryan\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\ryan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{B65181A9-952D-4027-988D-58A596C61008}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{509A159F-C9DB-4F0A-BEE8-0398AC992ED7}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{0D4DBC7F-264E-4331-8F99-51D801EF7DDF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C7778520-C232-4DF9-9658-FA2CF3259662}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{41EDEB7A-F955-4F52-8E51-3F20FF371CFA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{59FEE6FA-68BE-4CBE-BE38-49FCDDD8C91B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F5EC49F1-BC77-481A-BF38-27D5C4CD9319}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland\wasteland.exe
FirewallRules: [{F4842C07-FE0E-4188-8330-2A01E1DD4CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland\wasteland.exe
FirewallRules: [{8EF86EFD-7A1E-4029-8A37-95D59A062924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{93C7482F-F1D8-43B1-B5D3-775DB8262933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{41D095CA-C552-4E32-82E4-ABC5A25D0F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{6955A425-AB14-451A-B768-0ACC410B3F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{EF2C2A63-1619-4657-93E7-F29FE069A0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{7645D295-01F0-44D1-ADC2-56B3B1C50D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{A519224D-5097-44A8-89BF-86165EE6D031}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{A45EE2BE-281D-4AF3-B8D2-85AC2660ECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{74593048-2A33-4255-84B4-719EBEBA0D5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{8E71CA94-4491-436E-AFDD-5895A9E0A203}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{2FC82B37-8B19-4CDA-9354-5B5625D84E19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{DF52B17E-192C-4F7B-94F3-994B62D9AE33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{0A3A0008-C249-47AF-B4C1-CCE7B42571E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{422BE187-B265-4358-95EB-5ACC9BAB655D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26435399-B31C-46E8-92CA-5351FA363594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{281BA675-5990-4DB5-B2FA-00DF3D1076CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{AA66DA71-1272-48EE-82A3-AF932A725E8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Artemis\Artemis.exe
FirewallRules: [{6D914398-924A-4752-BBA3-F46ADE8D256F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Artemis\Artemis.exe
FirewallRules: [{68A87690-61C3-4E74-B424-6C41BEE3682F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LYNE\LYNE.exe
FirewallRules: [{09BC0A7F-3D34-48CC-9776-9B46F0B4DDD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LYNE\LYNE.exe
FirewallRules: [{806BA205-3300-4543-B137-9263001E7BCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{8DE3484F-EA11-467B-A650-68CE23D66780}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{8C401621-591D-427B-B516-B4607275FA21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Proteus\Proteus.exe
FirewallRules: [{09164C14-726D-40C2-8B0B-7DD71A1D82ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Proteus\Proteus.exe
FirewallRules: [{380F13C1-900F-46E4-A6FB-2B534895C8FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{70540E84-AB6D-444B-A2E6-1A5DACFAF17F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{1C1ACBBF-2091-487C-A2CB-9CEAFD08B7B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{EB7A9473-132C-4642-859B-85D68A196420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{B37A4C94-BAD9-4629-BF4E-BD9FD293D8B6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B23A8D51-FB8C-4601-9072-C4F5372F5A72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1729953B-7255-4D02-8C37-8B75DFBE6750}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{48584E36-0E4D-4C81-97B5-70C443E14293}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E8A7B42E-A621-4463-AFDB-9BDC935A07B6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{45F16357-49C4-4EA9-B768-A8CA503E8455}C:\program files (x86)\origin games\mass effect 2\binaries\me2game.exe] => (Block) C:\program files (x86)\origin games\mass effect 2\binaries\me2game.exe
FirewallRules: [UDP Query User{C4FC08CB-5E25-41E2-8603-E8B4921905DE}C:\program files (x86)\origin games\mass effect 2\binaries\me2game.exe] => (Block) C:\program files (x86)\origin games\mass effect 2\binaries\me2game.exe
FirewallRules: [{A1F9D1C4-7D96-4F00-824F-6D6604D0902D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0B938293-DD02-401A-BE32-6332AA76034B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B29B76FF-9EAD-4E83-83A6-31F128A5DFFB}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{23633D83-0AA2-4F77-A7D1-36B43723AF0E}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{ECC69D0D-D616-4EC4-BF4F-2FF49CE161F7}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{2054F8C7-58D1-41FD-959C-D65834E3DB8E}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{31513CF1-A7E5-4554-A0E0-B8842876FB9D}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{625B5025-C014-41CB-A864-B756C58DD8EA}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [TCP Query User{A79AC228-00D5-4D68-BF4D-5461847A8A1A}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{74BD1042-DC01-4C86-B568-6D83D8F41F92}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{F9114C82-E12D-41E6-903B-65422C1F60CC}C:\users\ryan\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ryan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2294C9CC-23DE-4899-9DE5-377F32F50844}C:\users\ryan\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ryan\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{C9454786-AF78-4A01-83B9-9C34A714EC22}C:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{A96CC5F3-AAF2-4570-B9BB-8A7FAAF5B0DF}C:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{38110DB5-3F9E-42F7-BDCD-D006BC5BD5DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{313DB63D-C784-4D68-8E74-A761B1EB6CE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{C845CE3E-1DE0-419B-954F-A5D01DDB16E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{CDC5523D-587C-4B2B-908A-5D02D8709B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{850B2E81-22FE-4939-9620-A988BC15E081}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{49EBF2E4-FECA-4CF4-8809-F653F41F547F}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{A30DDC06-6046-4788-B99B-F476640FE76D}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{4360780A-5422-4BA2-9125-2B94A4048EA2}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [TCP Query User{8BC2C020-6865-459A-B27A-4BAE30960550}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{46AD71CC-D982-403C-A032-0BCAA5015F28}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{43BBDE2B-F447-4615-9E4B-531A4E3D61C1}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{09A312E5-E415-4E2C-B0C1-6181A86B01B2}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{3641C08E-A445-4408-B531-3D08AB3FFA3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7F8563D5-20F6-469C-A0AE-F5CE9D77A746}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [{4137E3B9-BBBB-40D7-B960-6BB28A347CAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [TCP Query User{3B165872-0B4A-4EB3-AD6B-523091838147}C:\users\ryan\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\ryan\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{668209EE-BD1F-4300-9F7D-D74A1D56BB24}C:\users\ryan\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\ryan\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [TCP Query User{B4E78BD7-0857-49A5-B46A-7C2885854745}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{7B50C1D6-91F3-4FF4-8B3A-77642DDAB796}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{E5E86ADA-3031-4B89-A50E-0E9B965BD250}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{928AF26D-0549-4DDE-AA36-E93A95942BDA}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{39BB0259-B50B-4344-84A6-1ED1679AA4B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E052EF96-3BBF-4B82-93EA-8752F5C848B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{14A735C6-C0A7-4655-908E-E0FE2A51F947}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{55E491B4-39CD-4D3C-A191-F488449C5DCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{60DACD82-F066-49B8-BD10-39D2CE74D336}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{4C13C760-776A-407F-9FF0-A8E27A4703D4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{7E040077-EC4A-4D12-A01D-463126D4D45A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{6E71D1AB-021C-4BA2-90F9-B381E2A622A0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{62C3B456-7B23-4BE0-9129-0D97DD1F4773}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7530DBD0-CB15-42D9-95FD-F0B6D716D552}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{8C8B1488-B9CD-41F3-A9D2-E45D0BE1CB9D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{2D77A7AD-8825-4E5B-AC18-D47A6B20B321}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{49724B72-EB3E-49EB-A1CF-170A7BB1A29B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{4320C63D-BA2D-4CA3-B705-BF0228CEFBE0}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{FE5EF717-BCDC-4047-8306-838E66EBDA1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{5A0E5864-F207-4630-8E2B-2BFE6AD3B133}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{B475117B-10EE-4E7E-915A-7A544BBDC5F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C7FD003C-8D5F-4B86-9573-9946F590DCC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{0C0998F4-A21D-4361-8670-8DF63B12C671}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{CD167C4A-223F-4AE7-8220-E29B9972613D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{DF442DAC-B776-443C-833A-E7CAAADCF288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{958F8776-7074-4355-9AA4-826BA9382A6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{23E1A62E-F69C-4E2B-821D-2F9F91CE8358}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{E60AE4BC-3378-413D-A5BE-41E65EA781CC}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{8479A554-143D-456B-A173-214CFA195E3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{477E1160-D047-490C-A54E-60EAE54ACC43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83BC835C-A522-4DAE-AA52-B5EBC272CC75}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{CC9264EF-6752-49F0-86F6-810377767AD2}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{6378640D-E6A5-4616-8E16-4086D3474065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Obduction\Obduction.exe
FirewallRules: [{DC7FE08A-F16B-408D-A0D8-BC9B245BD789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Obduction\Obduction.exe
FirewallRules: [TCP Query User{01D4ECAC-745D-471C-AB31-79D678FA5834}C:\program files (x86)\steam\steamapps\common\obduction\obduction\binaries\win64\obduction-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\obduction\obduction\binaries\win64\obduction-win64-shipping.exe
FirewallRules: [UDP Query User{4A2C63E8-FD70-441B-8654-2A719C058594}C:\program files (x86)\steam\steamapps\common\obduction\obduction\binaries\win64\obduction-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\obduction\obduction\binaries\win64\obduction-win64-shipping.exe
FirewallRules: [{D4E3DC1D-D864-415E-BEA6-557D7025B16B}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{5877C395-1F8D-4BD4-99F5-B4B9E4892966}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [TCP Query User{9676ACAD-4DE3-4295-B3A3-9A1D50C86872}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{7F22CA8B-FCCE-45F7-9120-20D4662F91F5}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{A4F9D7B4-C5FB-4F28-8972-7AFF2552FF3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Royal Trap\The Royal Trap HD.exe
FirewallRules: [{C69738EA-4B1D-4FBB-9254-DEA8E4C06BBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Royal Trap\The Royal Trap HD.exe
FirewallRules: [{35C3A517-F034-4CCD-BC7F-CA6EB8E1F82C}] => (Allow) D:\SteamLibrary\steamapps\common\Magical Diary\MagicalDiary.exe
FirewallRules: [{25AE5304-D7DC-461D-B24D-837FB97C4C9C}] => (Allow) D:\SteamLibrary\steamapps\common\Magical Diary\MagicalDiary.exe
FirewallRules: [{427D0601-26B4-420B-A432-73DE55E6ECAC}] => (Allow) D:\SteamLibrary\steamapps\common\Elsinore\Elsinore.exe
FirewallRules: [{844C6FA1-6F2D-43BA-A6EE-82CC5A6CD8EC}] => (Allow) D:\SteamLibrary\steamapps\common\Elsinore\Elsinore.exe
FirewallRules: [{83BBA5D4-64C8-47A0-A797-CAB2336AF7D5}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{E9E6ACE1-438D-482B-9BD9-486B7DDF8B45}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7107034E-F495-436D-9B52-A7F652342C16}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8C873DBF-C549-4C7F-90CB-0CE7136096B1}C:\users\ryan\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\ryan\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{1E15BF04-FF4F-4BCA-AC68-4FAF5A6AA95C}C:\users\ryan\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\ryan\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{FCB4A3FF-E7DF-4691-B642-86D464F70638}C:\users\ryan\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\ryan\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{6A7D2002-17C5-4DEE-8FA5-151E7C805BE0}C:\users\ryan\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\ryan\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{E79727C2-21F5-4062-8C9D-BF0D9D28F6A3}] => (Allow) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{04CA418E-59E7-4788-974A-AA6A6B093932}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{761F0E24-8813-4E41-9577-229F1AD0DB75}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{B46F998C-CD7C-4213-9C98-8F2B719945CA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{58C23F66-CCC4-45B7-8609-B4F8BE99D872}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{49AF4788-3DD1-4F06-87FA-C7D77D882560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F25A5F4F-A509-4CFC-A458-772CC881DBFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{71D9390D-5D53-442F-B1F1-5D4459472888}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{0720F00D-0DE7-4AE4-B6AA-FB2F28EBC4AB}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{17AE8A0C-BC7E-437B-8AF9-8C50E29E0EE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [TCP Query User{0303F7EC-1075-4CAC-A08A-A20440C0F4DC}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{107AF742-209F-4B4B-865E-2C4566D90AA6}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{07345C37-1F8D-4653-A6BC-E00AA281C8AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{953A07A3-0817-4CCF-B5B2-F0B43598227B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D837475-134D-4ECF-AD90-40BFB80F66B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B3EC2F93-D418-4BE8-B952-84DC01AE500E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5583B731-353F-4D17-9C12-F532387D51C3}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{1107F79A-9945-4425-8AB5-6D0F7D3F9612}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Broadcom BCM20702 Bluetooth 4.0 USB Device
Description: Broadcom BCM20702 Bluetooth 4.0 USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4100 Series
Description: HP LaserJet 4100 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2017 07:52:33 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000032C4D0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (03/17/2017 07:47:21 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002E4A10).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (03/17/2017 04:49:01 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/17/2017 04:49:01 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/17/2017 04:49:00 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/17/2017 04:49:00 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/17/2017 04:49:00 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (03/17/2017 04:48:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/17/2017 04:48:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (03/17/2017 04:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (03/17/2017 04:48:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (03/17/2017 04:48:18 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
 
 
CodeIntegrity:
===================================
  Date: 2015-11-17 08:14:17.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:17.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:17.434
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:17.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:11.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:11.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:11.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:11.320
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:08.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-17 08:14:08.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 47%
Total physical RAM: 10220.31 MB
Available physical RAM: 5383.96 MB
Total Virtual: 20438.8 MB
Available Virtual: 14841.05 MB
 
==================== Drives ================================
 
Drive c: (SSD OS) (Fixed) (Total:447.03 GB) (Free:80.85 GB) NTFS
Drive d: (Old Compaq HD) (Fixed) (Total:232.88 GB) (Free:119.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Libraries) (Fixed) (Total:449.65 GB) (Free:30.95 GB) NTFS
Drive t: (Media) (Network) (Total:1862.89 GB) (Free:1678.6 GB) NTFS
Drive x: (Seagate Backup Plus Drive) (Network) (Total:4657.4 GB) (Free:4082.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 5682AD13)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 3681861A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Ryan (Administrator) on Fri 03/17/2017 at 16:24:28.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 26 
 
Successfully deleted: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\user.js (File) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JETL2GJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EOI32HJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82ORBTFN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA554U2S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIK403Y8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBTOOK1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB7PBFRG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4Y1QJGD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JETL2GJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EOI32HJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82ORBTFN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA554U2S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIK403Y8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBTOOK1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB7PBFRG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4Y1QJGD (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF (Registry Value) 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/17/2017 at 16:26:19.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18617
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 10716770304, free: 7358238720
 
Downloaded database version: v2017.03.17.10
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/17/2017 16:28:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\EUBKMON.sys
\SystemRoot\system32\drivers\eubakup.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files\Process Hacker 2\kprocesshacker.sys
\??\C:\Windows\system32\drivers\EuFdDisk.sys
\??\C:\Windows\system32\drivers\eudskacs.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\nvvhci.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\user32.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.03.17.10
  rootkit: v2017.03.11.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800af67060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ad7b8a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800af67060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80093af050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 5682AD13
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3486813718
    GPT Header CurrentLba = 1 BackupLba 937703087
    GPT Header FirstUsableLba 34  LastUsableLba 937703054
    GPT Header Guid db8c4195-bbfa-4afe-b669-b91ef0716844
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3486813718
    Backup GPT header CurrentLba = 937703087 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 937703054
    Backup GPT header Guid db8c4195-bbfa-4afe-b669-b91ef0716844
    Backup GPT header Contains 128 partition entries starting at LBA 937703055
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d8c6baee-c169-4d43-855d-f7446221a65
    FirstLBA 2048  Last LBA 206847
    Attributes 0
    Partition Name                                     
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8b0df9a8-e320-43dc-b75d-ca553cb2f17
    FirstLBA 206848  Last LBA 937702398
    Attributes 0
    Partition Name
 
Disk Size: 480103981056 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800af68060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800af68b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800af68060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009c96050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488391621
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800af69060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800af69b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800af69060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009c9a050, DeviceName: \Device\Ide\IAAStorageDevice-4\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 3681861A
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 170898981
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 34908d5f-58a8-4f29-b8aa-1fb4331376fa
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 170898981
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 34908d5f-58a8-4f29-b8aa-1fb4331376fa
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID fb6f9ae1-4b5b-40bc-a538-b8a4e5d1ec0
    FirstLBA 2048  Last LBA 206847
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4f0848f0-44f6-4f4f-8862-c1f7b4ef79ec
    FirstLBA 206848  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c9fa89b4-8b17-488b-bd75-e5f16c54b28f
    FirstLBA 2050048  Last LBA 2312191
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8194f0a0-d0ca-4604-9935-3af978f92ca
    FirstLBA 2312192  Last LBA 945293311
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eb6066d5-9ca7-4596-aa9e-55b4e4ec697
    FirstLBA 945295360  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800cacb060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cacbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cacb060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cab82e0, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800caca060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cacab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800caca060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800caba060, DeviceName: \Device\0000009f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800cacf060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cac7690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cacf060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac7060, DeviceName: \Device\000000a0\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800cacc790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cacd040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cacc790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac5750, DeviceName: \Device\000000a1\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa800cac8060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cac8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cac8060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac7b60, DeviceName: \Device\000000a2\, DriverName: \Driver\USBSTOR\
------------ End ----------
<<<2>>>
<<<3>>>
Volume: F:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

# AdwCleaner v6.044 - Logfile created 17/03/2017 at 15:23:22
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-17.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ryan - CARROWMORE
# Running from : F:\Downloads\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: vToolbarUpdater18.8.0
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Ryan\AppData\Local\AVG Secure Search
[-] Folder deleted: C:\Users\Ryan\AppData\Roaming\Systweak
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\Systweak
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Systweak
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder deleted: C:\Program Files (x86)\myfree codec
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
 
 
***** [ Files ] *****
 
[-] File deleted: C:\END
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Key deleted: HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\systweak
[-] Key deleted: HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Myfree Codec
[#] Key deleted on reboot: HKCU\Software\systweak
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Myfree Codec
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\systweak
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Myfree Codec
[#] Key deleted on reboot: [x64] HKCU\Software\systweak
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Value deleted: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
[-] Value deleted: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
[-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "Conduit Search"
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [8769 Bytes] - [17/03/2017 15:23:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [8407 Bytes] - [17/03/2017 15:20:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8915 Bytes] ##########
 
 
# AdwCleaner v6.044 - Logfile created 17/03/2017 at 15:20:36
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-17.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ryan - CARROWMORE
# Running from : F:\Downloads\adwcleaner_6.044.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  vToolbarUpdater18.8.0
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Ryan\AppData\Local\AVG Secure Search
Folder Found:  C:\Users\Ryan\AppData\Roaming\Systweak
Folder Found:  C:\ProgramData\AVG Secure Search
Folder Found:  C:\ProgramData\Systweak
Folder Found:  C:\ProgramData\Application Data\AVG Secure Search
Folder Found:  C:\ProgramData\Application Data\Systweak
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found:  C:\Program Files (x86)\myfree codec
Folder Found:  C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found:  C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
 
 
***** [ Files ] *****
 
File Found:  C:\END
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found:  C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\service1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found:  [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Found:  HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\APN PIP
Key Found:  HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Myfree Codec
Key Found:  HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\systweak
Key Found:  HKU\S-1-5-21-392286310-3643838366-3393110981-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKCU\Software\APN PIP
Key Found:  HKCU\Software\Myfree Codec
Key Found:  HKCU\Software\systweak
Key Found:  HKLM\SOFTWARE\AVG Security Toolbar
Key Found:  HKLM\SOFTWARE\Myfree Codec
Key Found:  HKLM\SOFTWARE\PIP
Key Found:  HKLM\SOFTWARE\systweak
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found:  [x64] HKCU\Software\APN PIP
Key Found:  [x64] HKCU\Software\Myfree Codec
Key Found:  [x64] HKCU\Software\systweak
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
Key Found:  HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found:  HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found:  HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found:  HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found:  HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Value Found:  HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
Value Found:  HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
Key Found:  HKCU\SOFTWARE\Classes\ChromeHTML
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found:  HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
 
***** [ Web browsers ] *****
 
Firefox pref Found:  [C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fqqj2x97.default\prefs.js] - "browser.search.selectedEngine" -  "Conduit Search"
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [8179 Bytes] - [17/03/2017 15:20:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8252 Bytes] ##########
 


#3 rmcmullan


Posted 17 March 2017 - 09:54 PM

Those are all of the logs I could find (I've uninstalled Avira and am not sure where to find Malwarebytes).





